If you only casually followed the early days of the Edward Snowden case, you probably don’t know who Ladar Levison is. But to many, he’s a hero.
When the federal government first began investigating Snowden, they went to Levison and asked him to essentially open up Lavabit, the secure email service he’d created. Snowden was a Lavabit user, and the FBI wanted access to his email account. The problem for Levison is that he couldn’t make Snowden’s emails accessible without also providing the FBI with access to the email accounts of nearly half a million other Lavabit users.
Exposing his clients to the prying eyes of the government would be at odds with everything Levison believed about the ideal relationship between service providers and their users. So Levison did the only thing that made sense, and destroyed his own company to keep user information out of the hands of the FBI.
Four years later, he’s relaunching the service. Using what he learned in the Snowden affair, Levison has made Lavabit even more secure--making it impossible for him (or the government) to access. Which means if there’s ever another Snowden, Levison will be able to stand his ground without destroying his life’s work.
Freethink: So, what is Lavabit and why did you start it?
Ladar: Lavabit is an encrypted communications company that I started 10 years ago in reaction to the April 1, 2004, announcement by Google that they were launching their Gmail service. Being a heavy email user at the time, I was concerned that Google was going to be scanning people's messages and using that information to profile them.
Freethink: But this service was also about avoiding other types of snooping, right?
Ladar: Headlines started coming out in 2004 regarding national security letters, which were a mechanism that had been introduce — or at least re-prioritized — by the PATRIOT Act that allowed the FBI to collect information from service providers without being adjudicated or reviewed by a judge.
And I was very concerned with that particular mechanism because I felt it was unconstitutional. I think it still is unconstitutional. Particularly because those letters come with some very restrictive provisions regarding speech: typically, national security letters are classified, which means revealing the existence of one of these letters would be a violation of the Espionage Act.
As an email service provider, I was concerned I would receive one of these letters someday and I'd be put in this difficult position of having to choose between defending the constitution or going to jail. Knowing myself, I knew I would pick jail.
Freethink: It sounds like philosophy-dictated technology.
Ladar: When I realized there was a very realistic probability that I could find myself choosing to go to jail rather than violate the constitution, I put on my engineering cap and tried to create a solution that would remove the service provider from the surveillance equation. And that solution was the asymmetrically encrypted storage system that became the issue of the highly publicized [Snowden] case 10 years later.
Freethink: And what is asymmetrical encryption?
Ladar: Asymmetric encryption is a way of describing algorithms in which you have a public key and a private key. And typically, the way these algorithms work is you can protect data with the public key and distribute said public key, but only somebody in position of the private key can decrypt that information.
So the way my system worked is that when a message arrived at my server, I would immediately encrypt it with the user's public key and only when that user logged in and provided their password could the system decrypt the private key and therefore decrypt the message on disk.
Freethink: So tell me about that knock at the door in 2013.
Ladar: In the summer of 2013, I had a knock on my door by a couple of FBI agents. And as it turns out, there was a user of my system that they were particularly keen on surveilling [Editor’s note: At the time of this interview, Ladar was legally prohibited from naming Snowden as the Lavabit user targeted by the FBI. But after the government accidentally revealed Snowden was the user they were investigating, Ladar is now free to acknowledge the same ]. And, again, for the first time, this user was one of the few on my system that had activated the encrypted storage system.
I spent several hours with the two FBI agents explaining how the system worked, what information I had, what information I didn't have nor could access.
I agreed to let them install the pen register trap and trace device on my network. I didn't think I had a choice. But I also realized that I was using what's called transport layer security [TLS] which is another type of encryption to protect all of the data as it traversed my network. And that became the source of the dispute that I had with the federal prosecutors.
They felt that because they had the right to install that device, they also had the right to demand the private key for my business so they could decrypt all of those communications.
Freethink: So they basically wanted to turn your private business into a surveillance tool.
Ladar: Precisely. They wanted the private key for my business so they could masquerade as Lavabit on the internet and intercept all of the encrypted communications and then presumably pass those through to the actual Lavabit servers.
And if you believe them, those communications would come through unaltered.
What most people don't realize is that because of the way the system was designed and the nature of the way they were planning to attack it, they had to decrypt everyone's communications before they could even isolate those belonging to their target.
Freethink: What was your reaction to that?
Ladar: About two and a half hours into this conversation, late on a Friday, the agent finally says, "Well, then you'll just have to give us your private key." And I started to say, "Well, I don't have access to the decrypted private key for the user." And he said, "No, no, no. The TLS private key."
And I just remember thinking, "Wow. I'd never heard of a request like that coming from law enforcement. I have no idea what the law says in that regard." So the way I reacted was by telling those agents I wasn't comfortable with that request and would need to consult with a lawyer first.
Six weeks after that, I found myself being held in contempt of court and being fined $5,000 a day. Because I was gagged, I couldn't even admit to anyone who wasn't a lawyer that I have received such a request. So I decided to shut down the service and turn over the key.
It was like getting a request from the court for the keys to your house, but before you turn over those keys, you burn the house down. It's not a perfect analogy, because technically, I couldn't destroy anything. If I had, it would have been a clear cut obstruction of justice charge, because I would have been destroying evidence.
Freethink: That was 10 years of your life, gone. How did it feel to make that choice?
Ladar: Oh, it was absolutely surreal. I remember hanging out with some friends, sitting at the table listening to their conversation, and thinking, "As soon as this is over, I'm headed down to my data center to destroy the business I spent 10 years building."
And that's exactly what I did. I drove down to the data center, shut down all the systems, started moving all of the user data off to external encrypted hard drives and the rest is history. And then several hours later, I'm standing in front of the Dallas branch of the FBI turning over the key. Twenty-four hours later, I posted the letter and it's been a roller coaster ride ever since.
I remember thinking when I turned over the key that they might want to arrest me because I had already shut down the system. But that transaction went smoothly. And then I remember thinking, "Well, as soon as I post this letter, I'm going to get arrested." And the arrest never came.
There was nothing I could do to change the circumstances that led to me having to turn over the key. I couldn't tell anybody what happened. How do you change the law if you can't tell people how it's being applied? And that cold reality made the decision to shut down the service very easy.
Freethink: That's staggering.
Ladar: But think about the alternative, which was to become complicit in crimes against the American people. To me, that was the worst of the two choices.
Freethink: Can you talk a bit about privacy as a concept? Maybe explain why it's important for people who think they have nothing to hide?
Ladar: Privacy is control over how people perceive you and what people know about you. For example, how old I am. If someone knew that piece of information, they would make certain judgments about me. But by keeping that information private, I have the ability to control how I'm perceived. Surveillance strips us of that control, because it means people are learning things about us that we never intended them to know.
I believe privacy is an inalienable right. Even in a time of war, privacy is critical to the functioning of a free and fair democracy. How can we form our opinions if we're constantly being judged about what we say and who we interact with?
That's why it scares me when people say they have nothing to hide. Because not only does your behavior change when you know you're being watched, even if you're not breaking the law there could still be information about yourself and your life that you don't want to share. But if an authority ever came to possess that information, they could bend you to their will merely by threatening to expose that piece of information.
You don't fully understand the importance of privacy until you've lost it, because when you lose it, you realize you start doing things differently. You start saying things differently. And you feel this sort of distaste for what you feel you have to do.
Watch our Coded episode on Ladar Levison and Lavabit below: